ublk: fix NULL pointer dereference in ublk_ctrl_set_size()#623
Open
blktests-ci[bot] wants to merge 1 commit intolinus-master_basefrom
Open
ublk: fix NULL pointer dereference in ublk_ctrl_set_size()#623blktests-ci[bot] wants to merge 1 commit intolinus-master_basefrom
blktests-ci[bot] wants to merge 1 commit intolinus-master_basefrom
Conversation
Author
|
Upstream branch: c107785 |
blktests-ci
bot
force-pushed
the
linus-master_base
branch
from
bbb3394 to
901a429
Compare
Author
|
Upstream branch: 5ee8dbf |
blktests-ci
bot
force-pushed
the
series/1062146=>linus-master
branch
from
ef187db to
4221ace
Compare
blktests-ci
bot
force-pushed
the
linus-master_base
branch
from
901a429 to
1f19ba6
Compare
Author
|
Upstream branch: 1f318b9 |
blktests-ci
bot
force-pushed
the
series/1062146=>linus-master
branch
from
4221ace to
24704e1
Compare
blktests-ci
bot
force-pushed
the
linus-master_base
branch
from
1f19ba6 to
e79276a
Compare
Author
|
Upstream branch: None |
blktests-ci
bot
force-pushed
the
series/1062146=>linus-master
branch
from
24704e1 to
bb2e75b
Compare
blktests-ci
bot
force-pushed
the
linus-master_base
branch
from
e79276a to
0dd9afc
Compare
Author
|
Upstream branch: 80234b5 |
ublk_ctrl_set_size() unconditionally dereferences ub->ub_disk via set_capacity_and_notify() without checking if it is NULL. ub->ub_disk is NULL before UBLK_CMD_START_DEV completes (it is only assigned in ublk_ctrl_start_dev()) and after UBLK_CMD_STOP_DEV runs (ublk_detach_disk() sets it to NULL). Since the UBLK_CMD_UPDATE_SIZE handler performs no state validation, a user can trigger a NULL pointer dereference by sending UPDATE_SIZE to a device that has been added but not yet started, or one that has been stopped. Fix this by checking ub->ub_disk under ub->mutex before dereferencing it, and returning -ENODEV if the disk is not available. Fixes: 98b9956 ("ublk: Add UBLK_U_CMD_UPDATE_SIZE") Cc: stable@vger.kernel.org Signed-off-by: Mehul Rao <mehulrao@gmail.com> Reviewed-by: Ming Lei <ming.lei@redhat.com>
blktests-ci
bot
force-pushed
the
series/1062146=>linus-master
branch
from
bb2e75b to
37a812f
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: ublk: fix NULL pointer dereference in ublk_ctrl_set_size()
version: 1
url: https://patchwork.kernel.org/project/linux-block/list/?series=1062146